Signed-off-by: David Galloway <dgallowa@redhat.com>
This role is heavily modified to be primarily useful for our test labs that only have two or three subnets. See https://wiki.sepia.ceph.com/doku.php?id=services:networking.
-This role checks for firewalld and iptables. It will configure firewalld unless iptables is running. It **does not** configure iptables. At the time the role was created, our DHCP server was running other services and its iptables was already heavily modified and configured. This reason, along with firewalld being the default in CentOS 7, is why iptables configuration is skipped.
+This role checks for firewalld and iptables. It will configure firewalld unless iptables is running. It **does not** configure iptables and will not install or configure firewalld if it's not installed. At the time the role was created, our DHCP server was running other services and its iptables was already heavily modified and configured. This reason, along with firewalld being the default in CentOS 7, is why iptables configuration is skipped.
Variables
+++++++++
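Review bot: The added clause "will not install or configure firewalld if it's not installed" documents the skip but not its consequence: on a host with neither firewalld nor a running iptables, the role now finishes without touching any firewall. Suggest adding a sentence saying that in this case the firewall is left exactly as found and any rules the DHCP service needs must be managed outside the role, so an operator does not assume a successful run means the firewall was configured.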
name: firewalld
state: started
enabled: yes
- when: iptables_state.rc != 0
+ when:
+ - iptables_state.rc != 0
+ - "'No such file or directory' not in firewalld_state.msg"
- name: Configure firewalld
firewalld:
state: enabled
permanent: true
immediate: yes
- when: iptables_state.rc != 0
+ when:
+ - iptables_state.rc != 0
+ - "'No such file or directory' not in firewalld_state.msg"
- name: Write global dhcpd.conf
template:
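Review bot: The new condition "'No such file or directory' not in firewalld_state.msg", added to both the service task and "Configure firewalld", decides whether firewalld is installed by matching the literal text of an error message, which is brittle. If the registered firewalld_state result has no msg key when the check succeeds, the conditional will error rather than evaluate to true, so consider guarding it with firewalld_state.msg | default(''), or better, testing for the package or unit directly instead of parsing an error string. The same two-item when: list is also duplicated on both tasks; wrapping them in a single block with one when: would keep the conditions from drifting apart. Finally, when the condition is false both tasks are skipped silently, so a short debug or warning task stating that firewalld was not found and no firewall changes were made would make the outcome visible in the play output.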